General
-
Target
ba14df5ab0c498214845f06727b967e8
-
Size
465KB
-
Sample
240308-a162yabe6x
-
MD5
ba14df5ab0c498214845f06727b967e8
-
SHA1
d812844ac58838fc3887898188d8beaae34776b9
-
SHA256
294c493463c8777d532d16b1f67d064dd74900788d9f7e562dd57e0eb6905d82
-
SHA512
bd5069269bc3c2ac28d12626dcbd800ca1fdb634aa0a72e79b92360b25f262e6f72a7623a35d28bdc0affa5fbc991f4b81fbd6c406e8b26ab7aa0898c50ad7b7
-
SSDEEP
6144:hCWDYuPpV5K98TJPaWFlwBrWAyojLd8zmWGjC7IivbzHGOlB:JDYWpO4daWTwloofeztGdi/HGa
Static task
static1
Behavioral task
behavioral1
Sample
ba14df5ab0c498214845f06727b967e8.exe
Resource
win7-20240215-en
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/SczbkxCQZQyVr
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ba14df5ab0c498214845f06727b967e8
-
Detect ZGRat V1
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-